Re: [Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-22 Thread Simon Kelley
Done. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=09b768efa456fb49f21e7ed19761ff24988464b9 Cheers, Simon. On 19/12/16 12:00, Donatas Abraitis wrote: > Ok > > Sent from my iPhone > >> On 19 Dec 2016, at 13:48

Re: [Dnsmasq-discuss] Query: DNSMASQ_LEASE_EXPIRES

2016-12-21 Thread Simon Kelley
On 21/12/16 09:30, Nehal J Wani wrote: > On Thu, Sep 22, 2016 at 3:21 PM, Nehal J Wani > wrote: >> Hi! >> >> According to the man page of dnsmasq, DNSMASQ_LEASE_EXPIRES >> stores the time of lease expiry and

Re: [Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-19 Thread Simon Kelley
t's enough 32, never hit this value > still. > > Sent from my iPhone > >> On 16 Dec 2016, at 18:43, Simon Kelley <si...@thekelleys.org.uk> >> wrote: >> > What backlog parameter works well for you? > > I'm happy to apply the patch if th

Re: [Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices

2016-12-16 Thread Simon Kelley
On 21/11/16 15:52, Kevin Darbyshire-Bryant wrote: > I've got some packet captures now that have helped answer some of > the questions. > > 1) The DHCPADVERTISE in the log are included in just one packet. > > 2) The solicits from my ipad and the

Re: [Dnsmasq-discuss] Format Errors using add-subnet

2016-12-16 Thread Simon Kelley
I guess the obvious solution is to use another DNS server upstream instead of the Windows one.. Cheers, Simon. On 07/12/16 16:02, Scott Bonar wrote: > Albert, > > > First let me be clear - I don't believe this is a DNSMasq issue > since I can

Re: [Dnsmasq-discuss] listen-backlog option to override default (too small) value

2016-12-16 Thread Simon Kelley
What backlog parameter works well for you? I'm happy to apply the patch if this is a dial that really needs to be tweakable, but if there are no downsides to moving the fixed backlog limit from 5 to 50 or 500, then let's just do that. There's no

Re: [Dnsmasq-discuss] SOA serial

2016-12-12 Thread Simon Kelley
The automatic SOA numbers that dnsmasq uses are designed to ensure that 1) The serial always increments when necessary and 2) never, ever goes backwards. That should be enough to not have to ever worry about them, but if you want to worry about

Re: [Dnsmasq-discuss] Dnsmasq-discuss search facility (s.O.T.)

2016-11-21 Thread Simon Kelley
I'm almost completely sure I've never done anything to remove the advertising from the mail-archive pages. I'm absolutely sure that I've not paid for that. Cheers, Simon. On 17/11/16 16:18, Jim Alles wrote: > Simon, > > I very much like the

Re: [Dnsmasq-discuss] [PATCH] rfc2131: Fix range address assignment not honoring vendor option filters

2016-09-09 Thread Simon Kelley
On 05/09/16 15:35, Hans Dedecker wrote: > Problem is visible when using multiple dhcp-ranges; one dhcp-range is a > "catch-all" > range without tags while the second dhcp-range has tags based on > vendor-class/user-class/... > If a client sends a DORA with no specific IP and no vendor/user class

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-09 Thread Simon Kelley
:34, Kevin Darbyshire-Bryant wrote: > Attached (in case the git send-email didn't work) > > Kevin :-) > > On 06/09/16 21:23, Simon Kelley wrote: > a) I tend to agree that it's pointless. > b) Not a run-time option, there are too many of those already. > c) Maybe the simple

Re: [Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

2016-09-09 Thread Simon Kelley
On 09/09/16 19:35, /dev/rob0 wrote: > On Fri, Sep 09, 2016 at 03:24:34PM +0100, Kevin Darbyshire-Bryant wrote: >> Having some issues with my 'onedrive for business' application >> which in turn uses 'sharepoint.com'. Short version: dnsmasq 2.76 >> thinks sharepoint.com is bogus. Directly

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Simon Kelley
a) I tend to agree that it's pointless. b) Not a run-time option, there are too many of those already. c) Maybe the simplest solution is something like a NO_ID compile time option that suppresses the whole .bind domain thing? Certainly happy to

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-05 Thread Simon Kelley
Duplicate MAC addresses, leading to duplicated link-local addresses? Cheers, Simon. > Tried all that, doesn't help. However, I have another box where > things work fine; "only" difference being the hardware. So I guess > it's not a bug in

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-04 Thread Simon Kelley
The traces you've both posted look good to me: dnsmasq is providing the correct value in the sin6_scope_id field of the destination address when sending the reply. The obvious difference between the failing case and the working one is that Toke is

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-03 Thread Simon Kelley
feb0:75a2", _addr), sin6_flowinfo=0, sin6_scope_id=if_nametoindex("wlan0")}, msg_iov(1)=[{"?9\201\200\0\1\0\1\0\0\0\1\3mit\3edu\0\0\1\0\1\300\f\0\1\0\1\0"..., 52}], msg_controllen=36, {cmsg_len=36, cmsg_level=SOL_IPV6, cmsg_type=, ...}, msg_flags=0}, 0) = 52 Cheers, Simon

Re: [Dnsmasq-discuss] Dnsmasq doesn't reply to queries made over (link-local) IPv6

2016-09-02 Thread Simon Kelley
My first thought is that it's probably replying to the wrong interface: link local addresses can't be routed: you have to specify the interface they're connected to. This insight came late to me, and there's a chance that the dnsmasq code is still

Re: [Dnsmasq-discuss] dnsmasq does crash

2016-08-30 Thread Simon Kelley
Sorry about this. Putative fix pushed to git. Cheers, Simon. On 30/08/16 19:47, e9hack wrote: > Hi, > > I did check it again. I did try to checkout > e94ad0fa01ccc8d0c39e069ab29b008f9c811600 'Suppress useless warning > about DHCP packets of

Re: [Dnsmasq-discuss] [PATCH] Improve --address and --ipset docs, fix --help output

2016-08-28 Thread Simon Kelley
On 18/08/16 23:19, Peter Wu wrote: > Hi, > > Recently I discovered the --ipset option but the manpage and --help output > were > slightly confusing, so here are some fixes for that. This patch is best viewed > with git diff --color-words or with side-by-side diff. > Applied. Many thanks. >

Re: [Dnsmasq-discuss] [PATCH] Refresh cached socket fd if the interface index changed

2016-08-28 Thread Simon Kelley
Patch applied, with a few tweaks, mainly for style consistency, but one to avoid passing strings of length zero to if_nametoindex(). Many thanks. Cheers, Simon. On 25/08/16 16:10, Beniamino Galvani wrote: > The socket bound to a specific interface in the daemon->sfds cache is > reused also

Re: [Dnsmasq-discuss] DHCP packet received on which has no address

2016-08-28 Thread Simon Kelley
On 25/08/16 11:32, Andrew Shadura wrote: > On 25/08/16 13:26, Andrew Shadura wrote: >> Okay, let me give you a more specific example, with just one of the >> interfaces. >> >> Let's say we've got eth0 with vlans: >> eth0.1, static config >> eth0.2, static config + dhcp server >> eth0.3, dhcp

Re: [Dnsmasq-discuss] Overwrite a public domain with dnsmasq while preserving external records?

2016-08-28 Thread Simon Kelley
It all depends on how you configure things: if you use entries in /etc/hosts or --host-record, --mx-record etc then they will only "mask" the external values for that exact domain name and record type. See the '#' target for --server=/ for another option. Cheers, Simon. On 28/08/16 09:57,

Re: [Dnsmasq-discuss] I am getting some strange "reply login.gslb2.salesforce.com is NODATA-IPv4" errors

2016-08-17 Thread Simon Kelley
Hi, I just ran the same query and got this answer srk@julia:~$ dig @127.0.0.1 -p 1 login.salesforce.com ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @127.0.0.1 -p 1 login.salesforce.com ; (1 server found) ;; global options: +cmd ;; Got

Re: [Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

2016-08-13 Thread Simon Kelley
On 09/08/16 08:23, Kolmann Philipp wrote: > I have checked the isc-dhcpd man page and found there a switch for > dhcp-server-identifier. I have tested my power-socket with isc-dhcpd with the > following setup: > > shared-network eth1 { > subnet 172.18.92.0 netmask 255.255.255.0 { > } > >

Re: [Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

2016-08-12 Thread Simon Kelley
On 12/08/16 01:13, James Brown wrote: > Since I'm using static addresses, it seems like dnsmasq doesn't > actually need to know what subnet the client is in, though. Is > there any possibility of, for static address configuration, just > trusting

Re: [Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

2016-08-11 Thread Simon Kelley
rce VyOS product), so that might be tricky. > > On Thu, Aug 11, 2016 at 12:06 PM, Simon Kelley > <si...@thekelleys.org.uk> wrote: > > OK, so the "ignored" thing was a red-herring, now we have the > actual logs. > > Your ASCII art got mangled, so I can't

Re: [Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

2016-08-11 Thread Simon Kelley
.90.95.65/255.255.255.192 dnsmasq-dhcp: 4100833080 > DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available > > On Wed, Aug 3, 2016 at 2:57 PM, Simon Kelley > <si...@thekelleys.org.uk> wrote: "dnsmasq-dhcp: 1302931552 > DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ig

Re: [Dnsmasq-discuss] serial number not changed on kill -HUP

2016-08-05 Thread Simon Kelley
Definitely a bug, not something you're doing wrong. We bump the serial when the zone changes because of new/changed DHCP leases, but forgot to do it on reload of hosts files. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=c8328ecde8

Re: [Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

2016-08-05 Thread Simon Kelley
The DHCP client, once it establishes contact with the DHCP server, will need to be able to send packets to the address in the DHCP-identifier option. This implies that once the client is set up and has an IP address and default route, it can talk to

Re: [Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

2016-08-03 Thread Simon Kelley
"dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored" Implies that you've somehow configured dnsmasq to ignore this client, either with dhcp-host=,ignore or dhcp-ignore= Maybe take a look at the rest of the config you didn't

Re: [Dnsmasq-discuss] send logs to a remote server

2016-08-03 Thread Simon Kelley
On 03/08/16 19:44, Rick Jones wrote: > On 08/03/2016 11:00 AM, John Pearson wrote: >> I'd like to send the logs to a remote server to process. I'm >> currently leaning towards using rsyslog for that. >> >> I looked into --log-facility sending to

Re: [Dnsmasq-discuss] can not receive reply from the list

2016-08-01 Thread Simon Kelley
This is a test reply (to the list) to see if you get that. Apologies for the noise. Simon. On 01/08/16 10:41, XMing wrote: > Hi there, I have post a message " why not cache data obtained via > TCP?" to the list and Simo

Re: [Dnsmasq-discuss] why not cache data obtained via TCP?

2016-07-28 Thread Simon Kelley
On 27/07/16 09:02, Albert ARIBAUD wrote: > Hi Ming, > > On Wed, 27 Jul 2016 10:06:47 +0800, XMing > wrote: > >> is there any regulation or spec about that? > > There is neither, and DNS records obtained through TCP /are/ >

Re: [Dnsmasq-discuss] [PATCH] auth-zone: allow to exclude ip addresses from answer

2016-07-24 Thread Simon Kelley
Patch applied, with a couple of trivial style changes. Many thanks, looks useful. Cheers, Simon. On 01/06/16 17:07, Mathias Kresin wrote: > It can be used, to ensure that answers contain only global routeable IP > addresses (by excluding loopback, RFC1918 and ULA addresses). > >

Re: [Dnsmasq-discuss] What does os02 mean here?

2016-07-24 Thread Simon Kelley
On 22/07/16 14:59, /dev/rob0 wrote: > On Fri, Jul 22, 2016 at 07:46:50PM +0800, 水静流深 wrote: >> There is a line in dnsmasq configuration file. >> >> dhcp-host=00:0C:29:5E:F2:6F,192.168.1.201,os02 >> >> What does os02 mean here? > > That's the hostname associated with the client. Even if the

Re: [Dnsmasq-discuss] No DHCP leases handed on bridge interface

2016-07-16 Thread Simon Kelley
On 16/07/16 12:16, Albert ARIBAUD wrote: > Alright... I'm out of ideas, sorry -- apart from recompiling dnsmasq > with ad hoc debug code. :/ > I can't see anything obvious from what's been posted so far, but it might be worth pointing out that this arrangement is used in millions of openWRT

Re: [Dnsmasq-discuss] DNSSEC and Mozilla domains not working

2016-07-16 Thread Simon Kelley
On 15/07/16 00:13, mmmfotografie wrote: > On 14-7-2016 23:22, Simon Kelley wrote: >> On 12/07/16 00:17, mmmfotografie wrote: >>> On 11-7-2016 23:08, Simon Kelley wrote: >>>> I just tried all those domains using 2.76 and 8.8.8.8 upstream and all >>>> behave

Re: [Dnsmasq-discuss] Strange replies for DNSSEC domains

2016-07-14 Thread Simon Kelley
On 13/07/16 20:15, mmmfotografie wrote: > Hi, I just had a problem when I wanted to visit a site and when I looked > it up in the log-file I recognize a strange behavior, that I had before > when I had the "DNSSEC/TLSA Validator" as plug-in of Firefox. > It stopped completely browsing

Re: [Dnsmasq-discuss] DNSSEC and Mozilla domains not working

2016-07-14 Thread Simon Kelley
On 12/07/16 00:17, mmmfotografie wrote: > On 11-7-2016 23:08, Simon Kelley wrote: >> I just tried all those domains using 2.76 and 8.8.8.8 upstream and all >> behaved correctly. 194.109.9.99 won't talk to me, so I can't try that. >> >> The upstream is clearly answe

Re: [Dnsmasq-discuss] DNSSEC and Mozilla domains not working

2016-07-11 Thread Simon Kelley
On 10/07/16 09:21, Marcel Mutter wrote: > I have enabled a few weeks ago DNSSEC and all seems to be working. > Yesterday I wanted to visit Mozilla.org and nothing happened. I see in > that the request is being sent to the upstream nameserver however > nothing is displayed by dnsmasq as response, I

Re: [Dnsmasq-discuss] Clarify/Improve DNSSEC related SIGHUP handling

2016-07-11 Thread Simon Kelley
Ah yes, I see the problem. Patch applied. Sorry it took so long :-( Cheers, Simon. On 11/07/16 08:54, Kevin Darbyshire-Bryant wrote: > > > Hi Simon, > > Please could you consider the attached patch. It solves a problem that > using dnssec-timestamp also effectively enabled

Re: [Dnsmasq-discuss] [PATCH] fix for netlink ENOBUF problem

2016-07-11 Thread Simon Kelley
Great stuff. Thanks for chasing this. Patch applied. Cheers, Simon. On 11/07/16 13:17, Ivan Kokshaysky wrote: > Hi Simon, > > as expected, the second patch works well for us. Please apply. > > Ivan. > > diff --git a/src/netlink.c b/src/netlink.c > index 049247b..8cd51af 100644 > ---

Re: [Dnsmasq-discuss] [PATCH] Fix manpage typo.

2016-07-10 Thread Simon Kelley
Patch applied. Many thanks. Cheers, Simon. On 10/07/16 16:39, Kristjan Onu wrote: > I think I found a small typo in the dnsmasq manpage, patch attached. > > Kristjan

Re: [Dnsmasq-discuss] Failure on dnssec-check-unsigned for Cloudflare re-delegated domains

2016-07-07 Thread Simon Kelley
On 19/06/16 10:53, Toke Høiland-Jørgensen wrote: > I recently moved one of my domains to Cloudflare DNS. This has caused > some issues with resolving through dnsmasq when dnssec-check-unsigned is > enabled. Cloudflare supports DNSSEC and resolving the hostnames directly > specified in their DNS

Re: [Dnsmasq-discuss] systemd service improvements

2016-07-07 Thread Simon Kelley
Replying to original post, but I've also read the rest of the thread. I agree with most of the other replies: a systemd unit file is equivalent to an init script - not something to be installed by the dnsmasq source distribution, you'll find that make install doesn't add any files apart from

Re: [Dnsmasq-discuss] [PATCH] fix for netlink ENOBUF problem

2016-07-07 Thread Simon Kelley
Great, many thanks. Is this patch on top of the original one, or an alternative? Once it's all resolved, I'm happy to take the final patch. Cheers, Simon. On 07/07/16 19:23, Ivan Kokshaysky wrote: > On Thu, Jul 07, 2016 at 03:32:11PM +0100, Simon Kelley wrote: >> On 06/07/16 14

Re: [Dnsmasq-discuss] dhcp-range broke in 2.76

2016-07-07 Thread Simon Kelley
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q1/010386.html is relevant. The short answer is that your dhcp-range never was valid, and parsing has been tightened up to reject it rather than misunderstanding it. Cheers, Simon. On 06/07/16 15:31, Matthew Keeler wrote: > I have

Re: [Dnsmasq-discuss] [PATCH] fix for netlink ENOBUF problem

2016-07-07 Thread Simon Kelley
On 06/07/16 14:55, Ivan Kokshaysky wrote: > On Mon, Jul 04, 2016 at 01:58:43PM -0400, wkitt...@gmail.com wrote: >> On 07/04/2016 11:29 AM, Ivan Kokshaysky wrote: >>> To fix that we need to purge the netlink buffer on ENOBUF error. With the >>> appended patch dnsmasq is running flawlessly for about

Re: [Dnsmasq-discuss] Dynamic-range clients don't get the same IP address when rebooted

2016-06-23 Thread Simon Kelley
On 23/06/16 21:02, John Groves (jgroves) wrote: > I'm a long-time dnsmasq user, but first-time poster. I can't > imagine that this hasn't been discussed before, but I wasn't able > to come up with search terms to find it. > > This arises because

Re: [Dnsmasq-discuss] abandoned

2016-06-23 Thread Simon Kelley
The ABANDONED state indicates that dnsmasq had to do too much work to verify the DNSSEC data. It counts the number of queries it has to make to get the data needed to verify DNSSEC, and if that exceeds a fixed number (about 100, I think) then it

Re: [Dnsmasq-discuss] Segmentation fault with newest dnsmasq 2.76

2016-05-26 Thread Simon Kelley
Since this seems to be easily reproducible, it should be fairly easy to chase down. Ideally, we need to recompile dnsmasq with debugging symbols, and then run it under gdb to get information about exactly where it's failing. If you know how to

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.76

2016-05-21 Thread Simon Kelley
On 21/05/16 11:53, Matthias Andree wrote: > Good to know, and thanks for looking. > > I took a false positive into account especially on the FreeBSD 9.3 > warnings that are gone on 10.1; FreeBSD 9.3 uses a pretty old GCC > version ("cc (GCC) 4.2.1 20070831 patched [FreeBSD]", ISTR it branched >

Re: [Dnsmasq-discuss] Announce: dnsmasq-2.76

2016-05-20 Thread Simon Kelley
-only code in the tree is not checked that way, unfortunately. Thanks for committing 2.76. Cheers, Simon. On 18/05/16 23:24, Matthias Andree wrote: > On 18.05.2016 at 17:44, Simon Kelley wrote: >> I've just released dnsmasq 2.76. >> >> Download from http://thekelleys.org

[Dnsmasq-discuss] Announce: dnsmasq-2.76

2016-05-18 Thread Simon Kelley
I've just released dnsmasq 2.76. Download from http://thekelleys.org.uk/dnsmasq/dnsmasq-2.76.tar.gz It's more than nine months since the last release, so get the new code quick, there's lots to go at. Cheers, Simon.

Re: [Dnsmasq-discuss] Uncensoring Sci-Hub.io: how to deal with subdomains & local DNS records?

2016-05-18 Thread Simon Kelley
I don't have much of a clue about this, but as you've asked on the dnsmasq list, one dnsmasq-based thing you can do is enable log-queries in your dnsmasq configuration. That will tell you what queries are being made, and what answers are coming back. ETA. I wonder if the problem is

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-15 Thread Simon Kelley
On 15/05/16 14:39, Dreamcat4 wrote: > Hi, > Tried the 2.76rc2 this morning. Seems fine / OK for me. > Great. Thanks for that. Cheers, Simon. > Have uploaded the binary here again (same place as before): > > https://dl.bintray.com/dreamcat4/linux/dnsmasq/ > > > > On Sun, May 15, 2016 at

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-15 Thread Simon Kelley
On 15/05/16 09:03, Michael Kuron wrote: > Hi Simon, > > thanks, it’s working fine for me now. Before releasing 2.76, it would > be good if more people could test this on actual hardware. Also, > there’s one more item that needs to go into the release notes: we now > redirect all clients to port

Re: [Dnsmasq-discuss] DNSSEC on lookups of *.paypal.com no longer work

2016-05-14 Thread Simon Kelley
On 14/05/16 19:55, Uwe Schindler wrote: > Hi Simon, > >>> Well, that's the smoking gun. Dnsmasq is doing the right thing, and your >>> upstream server at 212.202.215.1 is broken. I realise that doesn't solve >>> the problem, but at least you know where to work now :) >>> >>> >>> (the reason

Re: [Dnsmasq-discuss] Does dnsmasq support forwarding EDNS queries?

2016-05-14 Thread Simon Kelley
On 10/05/16 22:03, Jake Gold wrote: > Hello, > > I'm using dnsmasq as a local caching resolver and some of my queries result > in large answers (~1300 bytes) that are truncated without EDNS. > > When I query my local dnsmasq daemon: > > dig @localhost > > dig sends a query to dnsmasq using

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-14 Thread Simon Kelley
Great, thanks. I've applied your patch and made a further change: instead of changing the filename behaviour based on CSA, it looks at the filename provided. If it has a suffix (strictly, if it includes a '.' character) then the filename is used as-is. Otherwise it has the layer added as suffix.

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-11 Thread Simon Kelley
On 11/05/16 07:04, Jarek Polok wrote: > On 05/10/2016 06:44 PM, Simon Kelley wrote: > The full up to date list of arches seems to be there: > > > http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml#processor-architecture > > > (but only types 0 to

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-11 Thread Simon Kelley
On 11/05/16 07:04, Jarek Polok wrote: > On 05/10/2016 06:44 PM, Simon Kelley wrote: >> I just pushed my take on this to git. It's untested, and covers what I >> think are the correct choices so far. Please could you all test? >> >> I picked >> >> 1) .0

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-10 Thread Simon Kelley
filed always set. I'd like to release 2.76 ASAP so I've chosen to make an RC1 release, but that doesn't mean that I think this patch is right, or that I won't accept changes before the final release. Cheers, Simon. On 10/05/16 16:42, Jarek Polok wrote: > Hi > > On 05/10/2016 04:55

[Dnsmasq-discuss] Announce: dnsmasq 2.76 release-candidate.

2016-05-10 Thread Simon Kelley
I've just pushed 2.76rc1 to the usual places. It's been a long time since the last stable release, and there's a load of new code that really should be in general use. Please test this if you can. There are likely to be a few more 2.76rc releases to finalise the current work on PXE booting UEFI,

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-10 Thread Simon Kelley
Lots of good info. Thanks everybody. Some more queries. First, I'm minded to go with Michael's choice for "enabling" workarounds; ie do what's needed to make things work with buggy PXE menus when there's exactly one relevant menu entry. Second, .0 vs. .efi What's not been mentioned here is

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-08 Thread Simon Kelley
I don't think that doing bug work-around behavior automagically is a good idea. If it is required to do non-standard stuff, that should be explicit. The difference between Michael's patch and Jarek's seems to be that Michael's works automatically when there is precisely one valid boot service

Re: [Dnsmasq-discuss] ProxyDHCP mode is broken for serving ipxe.efi to UEFI pxe clents

2016-05-07 Thread Simon Kelley
On 06/05/16 12:58, Jaroslaw Polok wrote: > Hi > > On 06/05/16 12:40, Dreamcat4 wrote: > >> >> Perhaps later down the line (once more people get onboard and can start >> using it), then this pxe UEFI mode can be improved even further. Either >> by some fresh eyes coming along to fix problems in

Re: [Dnsmasq-discuss] List of DHCP options supported by Dnsmasq

2016-05-07 Thread Simon Kelley
On 07/05/16 00:28, Sivabalakrishnan M wrote: > Hi, > > Could you please let me know the list of DHCP options supported by Dnsmasq? > Are there any known restrictions/limitations? Or all the options listed in > the below link are supported? > >

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-04 Thread Simon Kelley
On 03/05/16 18:48, Kevin Darbyshire-Bryant wrote: > Hi Simon, > > Thanks for getting back to me. Kermit is a Windows Home Server box and > is definitely not net or dual booted. Here's the relevant 'log dhcp' > extract from a clean boot of it. > >

Re: [Dnsmasq-discuss] [PATCH] Fix DHCPv4 reply via --bridge-interface alias interface

2016-05-03 Thread Simon Kelley
That seems quite straightforward. Thanks. Patch applied without change. Cheers, Simon. On 08/04/16 19:27, Neil Jerram wrote: > I'm sorry not to have noticed this before now, but I just spotted that > DHCPv4 handling via --bridge-interface interfaces was broken between > v2.72 and v2.73. My

Re: [Dnsmasq-discuss] Too many logs produced when using a lot of “server=/domain/nameserver” config entires

2016-05-03 Thread Simon Kelley
I just committed some code to limit these logs, if there are more than 30 servers, only the first 30 are logged, followed by a single line which gives the number not logged. The 30 was a reasonable default, it's changeable in src/config.h Does that seem like a good solution? Cheers, Simon.

Re: [Dnsmasq-discuss] dhcpv6 server hangs while dhcp server and RAs continue normally

2016-05-03 Thread Simon Kelley
On 01/05/16 20:46, James Feeney wrote: > Arch Linux > dnsmasq 2.75-1 > linux 4.5.2-1 > > I mentioned about two weeks ago, the dnsmasq dhcpv6 server will just stop > responding after running normally for a while. There have been no comments > that > I have seen. Any thoughts? Is there a way to

Re: [Dnsmasq-discuss] Using nftables internal "ipset" rule

2016-05-03 Thread Simon Kelley
I think the way to go with this may be to use the libnftnl library. http://netfilter.org/projects/libnftnl/index.html Unfortunately, there doesn't appear to be any documentation for that (or the underlying netlink API). I guess that the answer to your question is that it would be a good idea

Re: [Dnsmasq-discuss] Huge hosts file and CPU usage

2016-05-02 Thread Simon Kelley
On 26/04/16 23:43, Mike Leong wrote: > Hi, > > I have a blacklist of 1.5 million entries loaded into dnsmasq via "address" > definitions. eg: > > address="/bad-site.com/192.168.5.1" > > The 1.5 million entries are a list of porn/warez sites collected from > various blacklists. > > According

Re: [Dnsmasq-discuss] IPv6 dhcp strangeness

2016-05-02 Thread Simon Kelley
On 30/04/16 11:32, Kevin Darbyshire-Bryant wrote: > Further clues maybe: So initially when kermit comes up it grabs an IPv4 > address and I see this entry in dnsmasq's lease database: > 1462055024 e0:3f:49:a1:d4:aa 192.168.219.4 Kermit 01:e0:3f:49:a1:d4:aa > > Which looks pretty normal to me.

Re: [Dnsmasq-discuss] dnsmasq does not respect BOOTP's broadcast flag

2016-04-25 Thread Simon Kelley
What software is your PC running? The DHCP client is broken. Look at https://www.ietf.org/rfc/rfc2131.txt paragraph 4.3.6 The DHCP requests your PC is sending have no server-ip option, no, requested-ip option and the ciaddr field is zero. That combination doesn't fit any of the columns in the

Re: [Dnsmasq-discuss] Little detail in DHCP address allocation

2016-04-25 Thread Simon Kelley
Thanks for that. I pushed that fix, and the equivalent one in the DHCPv6 code, which got the same error by cut 'n paste Cheers, Simon. On 16/03/16 11:33, Luís Carvalho wrote: > Hi, > > I was trying to understand how dnsmasq computes the IP it gives out to a > specific computer, which

Re: [Dnsmasq-discuss] Bug with EDNS packet size and DNS server files

2016-04-25 Thread Simon Kelley
I think your diagnosis and fix are both spot-on. Initialising the edns_pktsz field in server records at the on of the option-reading code misses files read via --servers-file. The best way to fix that is to do the initialisation, in all cases, in check_servers() since that's always called after

Re: [Dnsmasq-discuss] Disable caching for some hostname

2016-04-04 Thread Simon Kelley
If the CNAME is updated automatically, it should have a very short (or even zero) time-to-live in the upstream nameserver. Dnsmasq will honour such a TTL value. Cheers, Simon. On 31/03/16 10:23, Fabio Venturi wrote: > Hello to anyone, I've setup

Re: [Dnsmasq-discuss] dnsmasq does not respect BOOTP's broadcast flag

2016-04-04 Thread Simon Kelley
Please could you post the actual packet capture for that capture, instead of a screenshot? I need to look at other parts of the packet which are not shown to understand what's going on. (Save as... from the wireshark File menu should do the

Re: [Dnsmasq-discuss] dig for an ip address returns A record instead of NXDOMAIN

2016-04-04 Thread Simon Kelley
This behaviour isn't configurable (though it perhaps should be). If you look for the string "A for A" in src/rfc1035.c you'll find where it's implemented, if just patching it out is good enough. Cheers, Simon. On 30/03/16 18:05, Jeff Weber

Re: [Dnsmasq-discuss] Unable to resolve before dhcp

2016-04-02 Thread Simon Kelley
On 21/03/16 23:48, David Erickson wrote: > All- We are using dnsmasq inside ddwrt and have noticed that we are > unable to resolve reserved dhcp names until after a device has > dhcp'd. IE the following config line: > >

Re: [Dnsmasq-discuss] [PATCH] --dont-mirror-queries option

2016-03-04 Thread Simon Kelley
On 01/03/16 21:23, Kurt H Maier wrote: > On Tue, Mar 01, 2016 at 06:50:14PM +0000, Simon Kelley wrote: >> On 24/02/16 23:38, Kurt H Maier wrote: >> >> This approach assumes that all the servers are dnsmasq, and running the >> loop-detection code, which is a reasonab

Re: [Dnsmasq-discuss] [PATCH] add --tftp-mtu option to set the MTU for the TFTP server

2016-03-04 Thread Simon Kelley
On 03/03/16 23:33, Patrick McLean wrote: > On Tue, 1 Mar 2016 17:28:35 + > Simon Kelley <si...@thekelleys.org.uk> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> On 28/02/16 10:47, ?? wrote: >>> Greetings. >>

Re: [Dnsmasq-discuss] Max. limit for DHCP ranges

2016-03-04 Thread Simon Kelley
On 03/03/16 19:23, Sivabalakrishnan M wrote: > Hi, > > I understand the maximum number of leases (or dhcp clients) > supported is 1000 by default. > > Could you please let me know the maximum number of DHCP ranges that > the user can configure? Is

Re: [Dnsmasq-discuss] bug: dhcp range parsing bug

2016-03-03 Thread Simon Kelley
On 02/03/16 18:14, Andrew White wrote: > Hi, > > version > 2.65 introduced a bug where this command gives "bad dhcp-range" > > ./src/dnsmasq -F dhcp-range=set:tag1,192.168.1.1,192.168.1.254,static This was always wrong, so complaining about it is correct. The "static" flag _replaces_ the

Re: [Dnsmasq-discuss] [PATCH] --dont-mirror-queries option

2016-03-01 Thread Simon Kelley
On 24/02/16 23:38, Kurt H Maier wrote: > On Wed, Feb 24, 2016 at 05:20:14PM +0000, Simon Kelley wrote: >> >> I wonder if a better solution to the loop-detection is to mark queries >> with a UID of all the servers they've been forwarded by, in an EDNS0 >> option.

Re: [Dnsmasq-discuss] prevent dnsmasq from releasing IPs

2016-03-01 Thread Simon Kelley
On 01/03/16 09:29, Nicolas Cavallari wrote: > On 26/01/2016 14:46, Simon Kelley wrote: >> >> >> On 26/01/16 13:42, Stefan Priebe - Profihost AG wrote: >> >> >> >>> what about writing and sendin

Re: [Dnsmasq-discuss] DNS TTL for responses based on DHCP leases

2016-02-26 Thread Simon Kelley
one second later. > > Do you think that's feasible? > No sooner said, than done. Seems a sensible addition. Cheers, Simon. > Cheers, Lorin > > On Wed, 24 Feb 2016 at 23:12 Simon Kelley <si...@thekelleys.org.uk> > wrote: > >> I just pushed changes to gi

Re: [Dnsmasq-discuss] [PATCH] add --tftp-mtu option to set the MTU for the TFTP server

2016-02-24 Thread Simon Kelley
Thanks for that. I've somewhat reworked it so that the supplied MTU is a ceiling (ie, you can reduce the used MTU with the option, but not increase it.) That would seem to be safer. In the git repo now. Please shout if I've broken things for

Re: [Dnsmasq-discuss] DNS TTL for responses based on DHCP leases

2016-02-24 Thread Simon Kelley
I just pushed changes to git which 1) Support the TTL parameter in --host-record and --cname 2) Add --dhcp-ttl, which overrides --local-ttl but only for DHCP-derived information. Between those, I think you should be able to configure something suitable. Cheers, Simon. On 12/02/16 21:56, Lorin

Re: [Dnsmasq-discuss] [PATCH] --dont-mirror-queries option

2016-02-24 Thread Simon Kelley
On 13/02/16 14:21, Chris Novakovic wrote: > On 13/02/2016 13:09, Simon Kelley wrote: >> Will try and remember to reply to your other points, but on this >> one, the way I'd do it (assuming you don't have problems with >>

Re: [Dnsmasq-discuss] multiple offers with same IP to different MAC addresses

2016-02-23 Thread Simon Kelley
On 20/02/16 12:51, Legacy, Allain wrote: > We recently encountered a scenario where 2 different client machines sent > discover packets at the exact same time and ended up getting offer responses > for the same IP address. I confirmed that the algorithm in > dhcp.c::address_allocate() would

Re: [Dnsmasq-discuss] CVE-2015-7547 tcp path mitigation hack

2016-02-18 Thread Simon Kelley
That would do it. Or just block port-53/TCP Cheers, Simon. On 18/02/16 04:30, starli...@binnacle.cx wrote: > UDP path mitigation covered by > > edns-packet-max=512 > > Ugly but effective TCP fix: > > > --- src/forward.c.orig 2011-02-17

Re: [Dnsmasq-discuss] disabling reverse dns lookup in dnsmasq

2016-02-18 Thread Simon Kelley
ere a way to enable reverse lookup for a certain type of network in > dnsmasq? Like requests coming from 192.168.0.0/24 and disable reverse lookup > for the rest? > > Best Regards, > > Guy > >> Op 17 feb. 2016 om 18:34 heeft Simon Kelley <si...@thekelleys.org.uk> h

Re: [Dnsmasq-discuss] CVE-2015-7547 and dnsmasq

2016-02-18 Thread Simon Kelley
The edns-packet-max does _not_ apply to TCP replies. Looking through the CVE, those are vulnerable (for instance if an attacker returns a reply with the truncated bit set, forcing fallback to TCP). For most cases, a quick and effective fix would be simply to block port-53/TCP. The default value of

Re: [Dnsmasq-discuss] Some dns entries are not cached properly

2016-02-17 Thread Simon Kelley
On 16/02/16 12:48, Comerma Pare, Antoni wrote: > Sorry for my late answer, but our corporate email server seems to dislike > mailing lists and ate the message up. Searching the web I've found the > answer. That's why I'm answering to my previous message > > The cname can be resolved > > $ dig

Re: [Dnsmasq-discuss] dnsmasq process in S, D state causing high load average

2016-02-17 Thread Simon Kelley
Best I can suggest is to fix the cause of some interfaces failing the DAD test. Failing that, patch dnsmasq to avoid the polling looking for DAD to succeed. Cheers, Simon On 17/02/16 12:53, green krypton wrote: > 500 instances in 500 vlans > > On Sat, Nov 21, 2015 at 3:05 AM, Sim

Re: [Dnsmasq-discuss] How to use dnsmasq to mitigate dangers of CVE-2015-7547?

2016-02-17 Thread Simon Kelley
I've not looked at the discussion in detail, but as far as the dnsmasq code is concerned. 1) Reply UDP packets are truncated to edns_packet_size plus a smallish constant. 2) Malformed packets will not generally be rejected. 3) There's no limit imposed on TCP stream size, other than the 2^16 bytes

Re: [Dnsmasq-discuss] DNS TTL for responses based on DHCP leases

2016-02-15 Thread Simon Kelley
On 12/02/16 21:56, Lorin Weilenmann wrote: > Hi Simon, > > Thanks for taking the time and for your reply! > >>> You've almost answered your own question: the reason that the TTL is >>> zero unless over-ridden is that a client can send a DHCP-RELEASE at >>> any time: just because a DHCP lease of

Re: [Dnsmasq-discuss] [PATCH] --dont-mirror-queries option

2016-02-13 Thread Simon Kelley
On 06/02/16 00:01, Chris Novakovic wrote: > Before writing this patch I tried to get similar functionality by > setting up secondary DNS-only servers on each of the hosts and having > them refuse queries that couldn't be answered locally, then configuring > the primary dnsmasq servers in the way
